Impossible to log in: recaptcha refused to load the script #783
Comments
|
Hi @cbellone |
|
Hi @cougil , I have applied your suggestion to the 2.0-M1-maintenance branch, as the 1.x-maintenance is EOL. I would suggest you to switch your instance to the current stable branch Thanks |
|
Hi @cbellone |
|
it depends on the modifications that you've made on your fork. Migrating a "vanilla" 1.x alf.io to 2.0-M1 is safe. We have migrated dozens of instances managed by @swicket without any problems. If your fork contains database modifications, I would suggest you to give it a try it locally using a database backup first |
|
Ok, thank you very much! We didn't change our database, so I think it will be safe to migrate to 2.0-M1 |
|
please wait until the fix has been merged :) EDIT: see #811 |
|
wops! sorry! 😛 |
Describe the bug
It is impossible to log into alf.io admin console when you have recaptcha activated.
To Reproduce
Steps to reproduce the behavior:
Refused to load the script 'https://www.gstatic.com/recaptcha/releases/xxxxxxxx/recaptcha__xxxx.js' because it violates the following Content Security Policy directive: "script-src 'self' https://js.stripe.com/ https://api.stripe.com/ https://www.google-analytics.com/ https://ssl.google-analytics.com/ https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/api2/ https://maps.googleapis.com/ https://connect.facebook.net/ https://www.facebook.com/". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.Expected behavior
See the recaptcha & login button appear
Screenshots
Desktop (please complete the following information):
Smartphone (please complete the following information):
Additional context
alf.io version:
1.x-maintenanceBtw, I've been having a look and with this simple change I think it could be solved. I can prepare a PR if you think it could be integrated in the current 1.x maintenance branch ;-)
Best,
The text was updated successfully, but these errors were encountered: